Prepaid Hoster FAQ

At Prepaid-Hoster, the security of your server is our top priority. That’s why we have developed the Security Manager – a powerful tool that checks your Linux server for known vulnerabilities and provides advice on how to address these weaknesses. In this FAQ entry, you will learn about the security checks performed by the Security Manager and effective ways to secure your server.

Possible Vulnerabilities

At Vionity, we assess your Linux server for potential vulnerabilities. We focus on common weaknesses that even inexperienced users can address.

Name	Issue	Description
SSH Default Port	Using the standard SSH port	The standard SSH port (22) is widely used and therefore a popular target for attacks. Changing the port can enhance security.
FAIL2Ban not installed	Lack of protection against brute-force attacks	FAIL2Ban is a security program that blocks IP addresses after multiple failed login attempts. Without FAIL2Ban, the server is more susceptible to brute-force attacks.
No Root SSH Keys	Authentication via password	SSH keys are more secure than passwords. Without SSH keys, the server is more vulnerable to password theft and brute-force attacks.
SSH Root Password Auth enabled	Allowing root login via password	Direct root login via password is insecure. It is better to disable root logins or only allow them through SSH keys.
Failed Login attempts (high)	Many failed login attempts	Many failed login attempts can indicate brute-force attacks. This requires immediate attention and appropriate measures.
Java Root Process	Running Java as root process	Java processes running as root can pose a security risk as any vulnerability in Java can provide full access to the system.
TeamSpeak Root Process	Running TeamSpeak as root process	Running TeamSpeak processes as root can jeopardize the entire system in the event of software vulnerabilities.

Detailed Description of Security Issues

SSH Default Port

The SSH default port 22 is often the target of automated attacks. Changing this port to a less well-known number can reduce the attack surface of your server. This is a simple but effective measure to enhance security.

FAIL2Ban not installed

FAIL2Ban protects your server from brute-force attacks by blocking IP addresses after multiple failed login attempts. Without this safeguard, your server remains vulnerable to repeated attack attempts that could ultimately succeed.

No Root SSH Keys

Using SSH keys instead of passwords offers higher security. Passwords are more prone to being stolen or guessed through brute-force attacks, while SSH keys are more difficult to compromise. It is recommended to allow root access only through SSH keys.

SSH Root Password Auth enabled

Direct root logins via password should be disabled as they pose a significant security risk. It is safer to grant root access only to a regular user who can then obtain root privileges using sudo or su.

Failed Login attempts (high)

A high number of failed login attempts can indicate ongoing brute-force attacks. It is important to monitor these attempts and take appropriate measures such as blocking the attacker’s IP or implementing additional security mechanisms.

Java Root Process

Java applications should not be run as root processes as vulnerabilities in Java can lead to complete system compromise. It is safer to run Java applications with a non-privileged user.

TeamSpeak Root Process

Similar to Java, TeamSpeak should not be run as a root process. Security vulnerabilities in TeamSpeak could be exploited to compromise the entire system. It is better to run TeamSpeak with its own restricted user account.

General Advice

Regular Updates

Ensure that your system and all installed packages are regularly updated. Security updates address known vulnerabilities and enhance stability. Learn how to update your VServer on our FAQ page.

Set Up a Firewall

Use a firewall like ufw (Uncomplicated Firewall) or iptables to prevent unauthorized access. Enable only the necessary ports.

User Management

Create separate user accounts for different tasks and grant only the necessary permissions. Avoid working regularly as the root user.

Create Backups

Make regular backups of your data and configurations. Automate the backup process to prevent data loss.

Don’t Copy Commands You Don’t Understand

Look at a command before copying it into your console. A wrong rm -rf or a chmod in the wrong directory can jeopardize the security of your server and render it unusable.

Quick Solutions

• How do I change the SSH port?
• Creating and using SSH keys
• Disabling SSH password authentication

Sources

• SSH Security Best Practices
• FAIL2Ban Official Documentation
• SSH Key Authentication Guide
• Java Security Overview
• TeamSpeak Security Advisory

If you need further information or specific guidance on implementing security measures, please let me know!

You’re trying to access your server but it’s not working? You’re receiving a message that the login credentials are incorrect? Don’t worry! We’re here to help you. Let’s work together to get RDP access to your Windows server.

Check the installation

If you order a Windows server from Prepaid-Hoster, it will initially be delivered with a Linux system. You need to install Windows on the server through the web interface. In the Cloud Manager, “Windows Server” should be selected in the operating system field. If not, perform the Windows installation first.

Default login credentials

You can find your login credentials in Vionity in the Cloud Manager.

IP Address	See welcome email/web interface
Username	Administrator
Password	See welcome email/web interface

Troubleshooting

Check the username

Make sure you enter the correct username. By default, this should be either Administrator or LocalAccount\Administrator. Sometimes a typo or incorrect capitalization can be the cause.

Reset the password in the web interface

If you’re sure that the username is correct but the password still isn’t working, you can reset it in the web interface. Log in to your Prepaid-Hoster account, navigate to the RDP settings, and reset the password to the default value. After that, you can log in with the new password.

Use IP address instead of hostname

Try using the direct IP address of the server instead of the hostname. In some cases, this can solve connection problems caused by DNS or network issues.

Other common sources of errors and solutions

• Typos: Double-check that you entered the password correctly. Pay attention to uppercase and lowercase letters.
• Special characters: Sometimes certain characters in the password can cause problems. Try using a simpler password without special characters to narrow down the issue.
• Connection settings: Verify that your network settings are correct and that you have a stable internet connection.

If the above steps don’t solve your problem, you can contact Prepaid-Hoster support. Prepare all relevant information to expedite the process. The exact error message you receive during login will be crucial – preferably send it to us.

In this guide, you will learn how to connect to your server using the SSH client PuTTY. We will be using example data for this purpose. If you are unsure about which data is being referred to, you can find all the data in the Cloud Manager of your virtual server.

We will be using the IP address 62.68.75.47, the default port 22, and the password cxp9zqaJ.

Connection guide

Downloading and installing PuTTY

1. Download PuTTY: Go to the official PuTTY website and download the latest version for your operating system.
2. Installation: Run the downloaded file and follow the installation instructions.

Starting PuTTY

1. Open PuTTY: After the installation, open PuTTY. You will see the configuration window where you can set up your connection settings.

Configure connection settings

1. Host Name (or IP address): Enter the IP address of your server: 62.68.75.47.
2. Port: The default SSH port is 22. Make sure this port is entered.
3. Connection type: Select SSH if it is not already selected.
4. Save session (optional): If you want to save these connection settings for future use, enter a name under “Saved Sessions” (e.g. “My Server”) and click “Save”. This will allow you to easily restore the connection later. Your window should now look like this.

Establishing the connection

Tip: If you receive a prompt regarding a host key, click “Yes”. This message should only appear during the first connection.

1. Click Open: Click “Open” to establish the connection. A terminal window will open and prompt you to enter your username.
2. Enter username: Enter root and press Enter.
3. Enter password: You will now be prompted for your password. Enter the password cxp9zqaJ and press Enter. Note that the password will not be displayed during input (not even as asterisks). Your terminal window should now look like this:

Successfully connected

If you have entered everything correctly, you are now successfully logged in to your server. You should see a prompt that looks like this:

root@62540-47788:~#

Now you can navigate the Linux file system, update the server to the latest version, or install programs.

IPv6 addresses offer numerous advantages for modern networks, particularly in server administration. With multiple IPv6 addresses, you can run different services on different addresses, manage security zones better, and set up virtual hosts. This improves the organization, security, and accessibility of your services.

However, when using KVM servers with Vionity, there is a challenge: Vionity overwrites the interfaces file with each restart, causing manual changes to be lost. To ensure that additional IPv6 addresses persist after each restart, alternative methods like scripts in the if-up.d and if-down.d directories are necessary. These guarantee a stable and consistent network configuration despite Vionity’s interventions.

Step-by-step guide

If you want to add additional IPv6 addresses to your default interface (e.g., eth0) and ensure that these settings persist after a reboot, follow this guide. Here, you will learn how to create scripts for if-down.d and if-up.d to add and remove the IPv6 address 2a12:edc0:4:1337::4242/64.

Make sure you have root privileges, as you will need to make changes to the network scripts.

Add IPv6 address

Create script for if-up.d:
Create a new file in the directory /etc/network/if-up.d/. Name it, for example, add-ipv6.

sudo nano /etc/network/if-up.d/add-ipv6

Content of the script add-ipv6:

#!/bin/sh
# Add additional IPv6 address when eth0 interface comes up

if [ "$IFACE" = "eth0" ]; then
   ip -6 addr add 2a12:edc0:4:1337::4242/64 dev eth0
fi

Make the file executable:

sudo chmod +x /etc/network/if-up.d/add-ipv6

Remove IPv6 address

Create script for if-down.d:
Create a new file in the directory /etc/network/if-down.d/. Name it, for example, remove-ipv6.

sudo nano /etc/network/if-down.d/remove-ipv6

Content of the script remove-ipv6:

#!/bin/sh
# Remove additional IPv6 address when eth0 interface goes down

if [ "$IFACE" = "eth0" ]; then
   ip -6 addr del 2a12:edc0:4:1337::4242/64 dev eth0
fi

Make the file executable:

sudo chmod +x /etc/network/if-down.d/remove-ipv6

Test the configuration

After creating and executing the scripts, you can restart your network interface to test the configuration:

sudo ifdown eth0 && sudo ifup eth0

Then, check if the IPv6 address has been added correctly:

ip -6 addr show dev eth0

If everything is set up correctly, the IPv6 address 2a12:edc0:4:1337::4242/64 should be displayed.

We have released a new generation of configurable KVM Root Servers. Let’s explain the differences.

New pricing structure

To accommodate all the new features of the web interface as well as reflect the quality of the servers, we have improved the pricing structure. The IPv4 address is now additionally calculated in the configurator. You can now book 3 additional IP addresses. The price per IP address is reduced to 0.99 Euro.

Traffic and bandwidth

Our KVM Servers 3.0 now come with 10 TB of high-speed traffic per month and up to 2 Gbit/s connection speed. Previously, it was only 2 TB with a maximum speed of 1 Gbit/s. Please note that the network traffic is subject to a strict policy.

We throttle server traffic and reserve the right to terminate the contract without notice if the following traffic is detected:

• VPN traffic outside your own household
• Traffic through any kind of Tor nodes
• Torrent involving copyright-protected material
• Proxy (similar) traffic outside your own household
• IPTV
• 24/7 livestreams to Twitch/YouTube, etc.

Otherwise, we are relatively unconcerned about your traffic behavior.

New web interface functions, features, and benefits

New functions for the Cloud Manager will no longer be available for the 2.0 servers. So if you want to benefit from the latest web interface features, you should get a KVM 3.0 server.

How long can I keep my old server?

Existing servers can still be used. They will continue to run as long as the server is paid for.

Can I migrate the server?

Direct migration is not possible. You would need to order a new server and set it up. You can create a backup of your old server and restore it on your new server. With prior agreement, we can transfer the old IP address to the new server for a fee of 5.00 Euro.

Affordable alternative

If you are not satisfied with the pricing of the new KVM Root Servers, we have something else for you: Our Smart Value Root Servers. These are packages based on KVM technology, but cheaper and with less flexibility.

If you only need a server without all the bells and whistles, the Smart Value Root Servers are perfect for you. We have already summarized the difference here.

We now offer pre-configured packages. These packages are cheaper than the configurable option. Find out more here.

What exactly do I save with the Smart Value Root Server?

The advantage is clear: when you choose one of our Smart Value Root Servers, you save immediately and consistently compared to the regular price of a configurable KVM Server. And the best part? You get this saving with a server that is hardware-identical – meaning it has the same number of cores, RAM, and storage space.

Does that mean I get less flexibility?

Not necessarily. The Smart Value Root Server is designed for projects where you have a clear idea of your requirements and they don’t change constantly. For dynamic requirements that need more specific and frequent adjustments, a configurable server might make more sense. However, even with Smart Value servers, you have the flexibility to switch between packages or add additional resources at any time as your project grows.

How can I be sure that a Smart Value Root Server is the right choice?

We recommend using our Server Finder. With just a few clicks, you’ll receive a recommendation that best suits your project – whether it’s a Smart Value or configurable option. This way, you can be sure that you not only save money but also get the exact performance you need.

What features are not available with Smart Value Root Servers?

If you choose a Smart Value Root Server, you should be aware that some options available with configurable servers are not included or are different:

1. Contract Flexibility: Smart Value Servers cannot be canceled on an hourly basis via the web interface. The server will run for as long as you have ordered it in advance with your balance.
2. Customization: There is no granular upgrade or downgrade function. Adjustments in fine increments, as found with configurable servers, are not possible here.
3. Operating System Selection: Windows is not available by default with Smart Value Servers, but you can install it yourself via a custom ISO if necessary.
4. IP Addressing: An IPv4 address is not included by default but can be added as an optional feature.
5. DDoS Profile for IPv6: Setting a specific DDoS profile for IPv6 addresses is not possible with these servers.
6. Data Volume: Compared to configurable servers, the included traffic volume is lower: you will receive 2 TB instead of 10 TB of traffic (KVM 3.0) per month.
7. Network Speed: The maximum network speed is limited to 1 Gbit/s with Smart Value Servers, while configurable servers can reach speeds of up to 5 Gbit/s.

It can happen that there is no internet connection after a fresh installation of Windows on your server. This problem occurs frequently and is usually caused by not having a DNS server configured in the network settings. But don’t worry, we have a simple solution for this.

Problem

You have just installed Windows on your server and find that you have no access to the internet. This can be quite frustrating, especially if you want to continue setting up your server. This problem is usually caused by Windows not configuring a DNS server by default, which is necessary for name resolution and thus accessing websites on the internet.

Solution

Fortunately, we have a special feature in the Cloud Manager that can solve this problem with just a few clicks. Here’s what you need to do:

1. Log in to the Cloud Manager: Use your login credentials to sign in to our web interface.
2. Navigate to the advanced management options: In the main menu of the Cloud Manager, you will find the panel “Advanced Management Options”. Click on it to proceed.
3. Set DNS server: In the advanced management options, you will find a button labeled “Set DNS server (automatically sets the nameservers in the network adapter)”. Click on this button.
4. Wait for automatic configuration: After clicking on the button, the DNS servers will be automatically set in your network adapter. This should not take long.

Once the process is completed, your server should be able to connect to the internet. You can confirm this by trying to open a website in a browser or by executing a ping command in the command line.